Cyber security: It’s not just your premises that need securing
Sit back, strap yourself in, we’re going for a ride into realms, to find the bad guys of cyberspace.
Or at the very least to learn what they want and how to protect your business.
Imagine this – it’s early morning. You’re alone at the warehouse because your employees are yet to arrive. You’ve got a lot of work to do. You make a cup of coffee, sit down, log on to your computer and go through your emails. An email from Apple says they are making some changes and you need to type in your Apple ID and password for general maintenance.
It’s the first time they’ve sent you an email to do this. You pause for a moment, slightly suspicious, but then type in your details because it looks legitimate and you worry about what problems your system will have if you don’t do the maintenance. Besides, you’re busy.
Suddenly all of your contacts, photos, music, everything that is stored on your phone has gone.
You’re one of the lucky ones because you realise you’ve been hacked. If everything still looks the same, you might never know someone has broken into your software system until one of your clients tells you their stolen information is being used. In fact, it usually takes 30 to 60 days to discover someone has attacked your software system. In some cases, it can take years to realise.
A Perth cybersecurity expert says the bad guys don’t differentiate between small and large organisations; they go after everyone. The cyber security legislation in Australia reflects this because there is no differentiation for the size of the organisation.
Even so, small to medium businesses are more vulnerable because they tend to have less security in place.
So, let’s go back to your desk. You have a sip of your coffee and wonder what information the hacker has. More than likely they’ve stolen any Personally Identifiable Information (PII) they can find. That is, names, birthdates and addresses, possibly tax file numbers, credit information and so on. Not good, especially if that information belongs to your clients.
The bad guys won’t come and see you, or send an email saying, “I’ve got your data”. They’ll just take the stolen information and resell it on places like the Dark Web.
Your accounts department had a social attack last week. That’s where the bad guys sent an email disguised as correspondence from a trusted company or acquaintance. Once the associated link was clicked, the bad guys took over the whole computer. Some 80 per cent of attacks are done this way.
Last month your receptionist received a phone call advising him to expect an email to confirm certain details. The bad guys have discovered people are more willing to give out their personal information if they receive a phone call first.
The above scenarios are all true and happen more often than we realise.
Here are a few pointers to help your business become more cyber secure:
- Use the Cloud: If configured securely, using the cloud can increase your security and confidentiality.
- Review accounting systems: Make sure these are prepared for social engineering fraudsters who are financially motivated.
- Backup, backup, backup: Make sure your backup strategy is rock solid and fail-proof.
- Plan: You’d have a plan of what to do if someone breaks into your company’s building. What about if someone breaks into your company’s software system? Plan for it.
- Email gateway: It is worth researching and investing in the security of your email gateway because this is how most successful cyberattacks and frauds happen.
- Multi-factor authentication: This is where a user is only given access once they provide a certain number of pieces of evidence (known only to them). Having this is mandatory.